Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: CC-BY-SA-4.0
While we try to use best practices in this workshop, we made a couple of concessions to simplicity.
- Rather than using Secrets Manager, we stored the DocumentDB credentials as attributes in CloudMap. This should never be done in production, but there is not a clean programmatic way to generate secrets.
- The permissions granted to Cloud9 and other resources could be more narrowly scoped.